current development state

6 년 전 · a5f30180f1
--- a/defaults/main.yaml
+++ b/defaults/main.yaml
@@ -1 +1,3 @@
 ---
 dkim_domains: []
 opendkim_key_size: 2048
--- a/handlers/main.yaml
+++ b/handlers/main.yaml
@@ -1 +1,6 @@
 ---

 - name: reload opendkim
  service:
    name: opendkim
    state: reloaded
--- a/tasks/main.yaml
+++ b/tasks/main.yaml
@@ -1 +1,52 @@
 ---

 - name: opendkim debian packages
  apt:
    pkg:
      - opendkim
      - opendkim-tools
      - python-openssl

 - name: opendkim config
  template:
    src: opendkim.conf.j2
    dest: /etc/opendkim.conf
  notify: reload opendkim

 - name: dkim keys directory
  file:
    path: /etc/dkimkeys/{{item}}
    state: directory
    owner: opendkim
    group: opendkim
    mode: 0700
  with_items: "{{dkim_domains}}"

 - name: dkim private keys
  openssl_privatekey:
    path: /etc/dkimkeys/{{item}}/mail.private
    size: "{{opendkim_key_size}}"
    owner: opendkim
    group: opendkim
    mode: 0600
  with_items: "{{dkim_domains}}"

 - name: dkim public keys
  openssl_publickey:
    privatekey_path: /etc/dkimkeys/{{item}}/mail.private
    path: /etc/dkimkeys/{{item}}/mail.public
    owner: opendkim
    group: opendkim
    mode: 0600
  with_items: "{{dkim_domains}}"

 - name: read dkim public keys
  command: cat /etc/dkimkeys/{{item}}/mail.public
  with_items: "{{dkim_domains}}"
  changed_when: false
  register: _opendkim_read_public_key

 - name: show dkim entries
  debug:
    msg: "{{_dkim_public_keys}}"
  with_items: "{{dkim_domains}}"
--- a/templates/KeyTable.j2
+++ b/templates/KeyTable.j2
--- a/templates/SigningTable.j2
+++ b/templates/SigningTable.j2
--- a/templates/TrustedHosts.j2
+++ b/templates/TrustedHosts.j2
--- a/templates/opendkim.conf.j2
+++ b/templates/opendkim.conf.j2
@@ -0,0 +1,80 @@
 {{ansible_managed|comment}}

 # This is a basic configuration that can easily be adapted to suit a standard
 # installation. For more advanced options, see opendkim.conf(5) and/or
 # /usr/share/doc/opendkim/examples/opendkim.conf.sample.

 # Log to syslog
 Syslog			yes
 # Required to use local socket with MTAs that access the socket as a non-
 # privileged user (e.g. Postfix)
 UMask			007

 #KeyTable                /etc/opendkim/KeyTable
 #SigningTable            /etc/opendkim/SigningTable
 #ExternalIgnoreList      /etc/opendkim/TrustedHosts
 #InternalHosts           /etc/opendkim/TrustedHosts

 # Commonly-used options; the commented-out versions show the defaults.
 #Canonicalization	simple
 #Mode			sv
 #SubDomains		no

 # Socket smtp://localhost
 #
 # ##  Socket socketspec
 # ##
 # ##  Names the socket where this filter should listen for milter connections
 # ##  from the MTA.  Required.  Should be in one of these forms:
 # ##
 # ##  inet:port@address           to listen on a specific interface
 # ##  inet:port                   to listen on all interfaces
 # ##  local:/path/to/socket       to listen on a UNIX domain socket
 #
 #Socket                  inet:8892@localhost
 Socket			local:/var/run/opendkim/opendkim.sock

 ##  PidFile filename
 ###      default (none)
 ###
 ###  Name of the file where the filter should write its pid before beginning
 ###  normal operations.
 #
 PidFile               /var/run/opendkim/opendkim.pid

 # Always oversign From (sign using actual From and a null From to prevent
 # malicious signatures header fields (From and/or others) between the signer
 # and the verifier.  From is oversigned by default in the Debian pacakge
 # because it is often the identity key used by reputation systems and thus
 # somewhat security sensitive.
 OversignHeaders		From

 ##  ResolverConfiguration filename
 ##      default (none)
 ##
 ##  Specifies a configuration file to be passed to the Unbound library that
 ##  performs DNS queries applying the DNSSEC protocol.  See the Unbound
 ##  documentation at http://unbound.net for the expected content of this file.
 ##  The results of using this and the TrustAnchorFile setting at the same
 ##  time are undefined.
 ##  In Debian, /etc/unbound/unbound.conf is shipped as part of the Suggested
 ##  unbound package

 # ResolverConfiguration     /etc/unbound/unbound.conf

 ##  TrustAnchorFile filename
 ##      default (none)
 ##
 ## Specifies a file from which trust anchor data should be read when doing
 ## DNS queries and applying the DNSSEC protocol.  See the Unbound documentation
 ## at http://unbound.net for the expected format of this file.

 TrustAnchorFile       /usr/share/dns/root.key

 ##  Userid userid
 ###      default (none)
 ###
 ###  Change to user "userid" before starting normal operation?  May include
 ###  a group ID as well, separated from the userid by a colon.
 #
 UserID                opendkim
--- a/vars/main.yaml
+++ b/vars/main.yaml
@@ -1 +1,2 @@
 ---
 _dkim_public_keys: "{{_opendkim_read_public_key|json_query(\"results[].stdout_lines[1:-1]\")|map('join')|list}}"